Trust & Security

Information Security & Privacy

SoterAI is committed to protecting the confidentiality, integrity, and availability of customer information through enterprise-grade security practices.


Our Security Commitment

SoterAI maintains a comprehensive information security program that implements administrative, technical, and physical safeguards to reasonably and appropriately ensure the confidentiality, integrity, and availability of customer information and intellectual property.

We understand that technology and risk evolve over time. Therefore, we engage qualified third parties to conduct annual risk assessments, and we continually evaluate, modify, and adjust our security procedures, policies, and standards to keep them aligned with our documented compliance processes.

SoterAI has designated a security team responsible for guiding all security strategy, policy development, enforcement, training, and maintaining a security-minded culture. This team is also responsible for our incident response process and procedures.

We have designated a Data Protection Officer who is responsible for all data privacy matters, oversight, and governance. Our privacy policy sets out our continuing commitment to treating privacy as a matter of the utmost importance.

As part of our third-party vendor management program, we validate our vendors and subprocessors to ensure they meet or exceed our strict data privacy and compliance standards. View our current list of authorized subprocessors.

Security Pillars

Our information security program is built on industry best practices and frameworks including SOC 2, GDPR, CCPA, and HIPAA requirements.

SOC 2 Type II Certified

We maintain SOC 2 Type II certification, demonstrating our commitment to security, availability, processing integrity, confidentiality, and privacy.

Enterprise-Grade Encryption

All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption. Encryption keys are managed securely with strict access controls.

Regulatory Compliance

Our security program is designed to comply with GDPR, CCPA/CPRA, LGPD, PIPEDA, UK GDPR, and the EU AI Act requirements.

Access Controls

Multi-factor authentication (MFA), role-based access controls (RBAC), and regular access reviews ensure only authorized personnel access customer data.

Infrastructure Security

Our infrastructure is hosted on SOC 2 compliant cloud providers with 24/7 monitoring, automated threat detection, and disaster recovery capabilities.

Continuous Monitoring

We conduct regular security assessments, vulnerability scanning, and penetration testing to identify and remediate security risks proactively.

Compliance Frameworks

SoterAI's security program is designed to comply with major data protection regulations worldwide.

GDPR

EU General Data Protection Regulation

CCPA/CPRA

California Consumer Privacy Act

UK GDPR

United Kingdom Data Protection

LGPD

Brazilian Data Protection Law

PIPEDA

Canadian Privacy Law

EU AI Act

AI System Compliance

Security Practices

We implement comprehensive security practices to protect your data at every level.

  • Annual third-party security audits and penetration testing
  • Continuous vulnerability scanning and patch management
  • Security awareness training for all employees
  • Incident response plan with 24-hour breach notification
  • Vendor security assessments and supply chain management
  • Business continuity and disaster recovery planning
  • Data minimization and retention policies
  • Regular security policy reviews and updates

AI-Specific Data Protection

As an AI-powered platform, SoterAI implements additional safeguards specific to AI and machine learning systems:

  • Zero-Data Retention: Customer prompts and data are not retained after processing by our LLM providers.
  • No Model Training: Customer data is never used for training or improving AI models.
  • EU AI Act Compliance: We comply with Regulation (EU) 2024/1689 requirements for AI systems.
  • LLM Provider Oversight: Regular audits of our LLM providers to ensure compliance with data protection obligations.
  • Transparency: Clear documentation of AI processing activities and data flows.

Security Resources

Access our security documentation and policies.

Privacy Policy

Our comprehensive privacy policy covering US and Australian data protection requirements.


Subprocessors List

View our authorized third-party subprocessors and their security measures.


Data Processing Addendum

Our DPA covering GDPR, CCPA, and other data protection requirements.


Terms of Service

Our terms of service and acceptable use policies.


Security Questions?

If you have questions about our security practices or need additional documentation for your compliance requirements, please contact our security team.

© 2026 SoterAI. All rights reserved.